#!/bin/bash
#
# Security abstractions for subscription and other core functions
#
# Author:   Dr. Mike Murphy (mmurphy2@coastal.edu)
# Revision: 18 November 2013
#
#   Copyright 2013 Coastal Carolina University
#
#   Licensed under the Apache License, Version 2.0 (the "License");
#   you may not use this file except in compliance with the License.
#   You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
#   Unless required by applicable law or agreed to in writing, software
#   distributed under the License is distributed on an "AS IS" BASIS,
#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#   See the License for the specific language governing permissions and
#   limitations under the License.
#


# Security sections: ${P_STATEDIR}/security/<section>/<provider>/
# Abstraction should pass the resulting directory to the underlying
# security provider, so that it has a "home directory" with which to work.
# The directory should be created before invoking the provider (though
# this will tend to create a bunch of empty directories for providers that
# don't use them).


## psec_verify_signature <section> <provider> <signature file> <target file>
##
## Verifies the security signature of <target file>, using the signature
## stored in <signature file> and security provider <provider>. The
## <section> is the section of the Pulley security tree that contains the
## provider files for a given application.
##
## Returns 0 if successful, non-zero if an error occurs.
##
function psec_verify_signature() {
	local path="${P_STATEDIR}/security/$1/$2"
	local status=1
	
	if lazy_load psec_$2_verify_signature "security" "$2.provider"; then
		mkdir -p "${path}"
		status=$?
		
		if ((status == 0)); then
			psec_$2_verify_signature "${path}" "$3" "$4"
			status=$?
		fi
	fi
	
	return ${status}
}


## psec_import_key <section> <provider> <URL>
##
## Imports a security key from <URL> into the <provider> directory within
## the <section> of the Pulley security tree. Returns 0 on success, non-zero
## if an error occurs.
##
function psec_import_key() {
	local path="${P_STATEDIR}/security/$1/$2"
	local keyfile=
	local status=1
	
	if lazy_load psec_$2_import_key "security" "$2.provider"; then
		keyfile=$(p_download_temp "$3")
		status=$?
		
		if ((status == 0)); then
			mkdir -p "${path}"
			status=$?
		
			if ((status == 0)); then
				psec_$2_import_key "${path}" "${keyfile}"
				status=$?
			fi
		fi
	fi
	
	return ${status}
}


## psec_export_key <section> <provider> <output file> [keyid]
##
## Exports a public key from the security provider's key store, saving it
## in the <output file>. The <section> and <provider> are used to locate
## the key store, while the optional [keyid] enables exporting a specific
## key (default is to export the default key, as determined by the provider).
## Returns 0 on success, non-zero if an error occurs.
##
function psec_export_key() {
	local path="${P_STATEDIR}/security/$1/$2"
	local status=1
	
	if lazy_load psec_$2_export_key "security" "$2.provider"; then
		mkdir -p "${path}"
		status=$?
		
		if ((status == 0)); then
			psec_$2_export_key "${path}" "$2" "$3"
			status=$?
		fi
	fi
	
	return ${status}
}


## psec_generate_key <section> <provider> [expert options]
##
## Generates a new security key in the given <section> of the Pulley
## security tree, using the specified <provider>. Any additional
## [expert options] required by the provider may also be included. Returns
## 0 upon success, non-zero if an error occurs.
##
function psec_generate_key() {
	local path="${P_STATEDIR}/security/$1/$2"
	local status=1
	
	shift
	shift
	
	if lazy_load psec_$2_generate_key "security" "$2.provider"; then
		mkdir -p "${path}"
		status=$?
		
		if ((status == 0)); then
			psec_$2_generate_key "${path}" "$@"
			status=$?
		fi
	fi
	
	return ${status}
}


## psec_sign <section> <provider> <output file> <input file> [options]
##
## Generates a cryptographic signature for a given input file, writing
## the signature to a specified output file. Returns 0 on success, non-zero
## if an error occurs in the process.
##
## <section>       Section of the Pulley security tree to use
## <provider>      Selected security provider
## <output file>   Output file where the signature will be written
## <input file>    Input file for which the signature is generated
## [options]       Additional options to pass to the provider
##
function psec_sign() {
	local path="${P_STATEDIR}/security/$1/$2"
	local outfile="$3"
	local infile="$4"
	local status=1
	
	shift
	shift
	shift
	shift
	
	if lazy_load psec_$2_sign "security" "$2.provider"; then
		mkdir -p "${path}"
		status=$?
		
		if ((status == 0)); then
			psec_$2_sign "${path}" "${outfile}" "${infile}" "$@"
			status=$?
		fi
	fi
	
	return ${status}
}
